Secure exchange of communications and transactions over public networks, such as the Internet, are prevalent. Secure network connections between computing devices requires, among other things, identity authentication. For example, online bank transactions require certainty that a client computer is in fact connected to the specific bank server computer with which the client wants to perform banking transactions. Digital certificates are recognized as a commonly practiced means of authenticating identities of computing devices such as server computers, client computers, network support computers or other computing devices, on the Internet or other networks. A public key certificate is one type of digital certificate that serves as electronic credentials which bind the identity of the certificate owner to a pair of digital keys (public and private). Digital keys can be used to encrypt, decrypt, and sign information digitally, forming a basis of secure communication and authentication over the Internet or other networks. Digital certificates enable network-interconnected computing devices to establish the identity of another computing device connected to the network by authentication from a trusted, known source referred to as a certification authority.
The certification authority is recognized and trusted by owners of both certificate sending and receiving computing devices on the network. The certification authority has important roles that include issuing digital certificates after authenticating the requestor's identity, providing public key—private key pairing, signing the digital certificate which confirms the certificate's authenticity, and managing the issued certificates by maintaining certificate revocation lists and possibly re-issuing expired certificates. By digitally signing a certificate the certification authority confirms the identity of the certificate subject (owner) and binds the identity to the public key in the certificate. Recipients of the public key certificate can trust that the subject holds the private key uniquely corresponding to the public key in the digital certificate. Once digitally signed, the contents of the certificate cannot be tampered with without detection and subsequent certificate rejection.
Public key certificates are made generally available and the public key can be used to encrypt data to be sent to the computing device holding the corresponding private key of the public-private key pair. In this manner only the holder of the private key can decrypt a message encrypted with the public key certificate.
Digital certificates are composed of attributes containing information used in authentication and can be thought of as a certificate's data structure. The data structure includes a serial number, information regarding the certificate issuer and subject, the public key, a validity period and other attributes. The validity period establishes the timeframe in which the certificate is valid. A computer's internal date and time is typically referred to as the local date and time. In addition to identity authentication, the validity period attribute of the certificate is compared to a local source of the current date and time. For example, a computing device having received a digital certificate may compare the validity period of the certificate to its internal current date and time value, to determine if the certificate has expired. If a certificate has expired it is considered to be invalid, is rejected, and the connection between the computing devices is typically discontinued.